Secure Peer-to-Peer Messaging Invitation Architecture

ABSTRACT

First and second communication devices respectively have first and second personal identification numbers (PINs). The first communication device transmits to the second communication device a first encryption key, and receives from the second communication device the second PIN that has been encrypted by the second communication device using the first encryption key. The first communication device receives from the second communication device a second encryption key, decrypts the encrypted second PIN, and encrypts the first PIN using the second encryption key, and transmits the encrypted first PIN to the second communication device. The first communication device conducts, with the second communication, device a peer-to-peer messaging session by transmitting to the second communication device peer-to-peer messages that contain the second PIN and receiving from the second communication device peer-to-peer messages that contain the first PIN. Each message is routed by a routing server based on the respective first and second PINs.

CROSS-REFERENCE TO RELATED APPLICATIONS

This is a continuation of U.S. patent application Ser. No. 12/940,721filed Nov. 5, 2010, which is a continuation of U.S. patent applicationSer. No. 12/342,291, filed Dec. 23, 2008 (now U.S. Pat. No. 7,849,313),which is a continuation of U.S. patent application Ser. No. 10/975,442,filed Oct. 29, 2004 (now U.S. Pat. No. 7,489,781), all incorporatedherein by reference.

FIELD OF TECHNOLOGY

The present application relates generally to a secure messaginginvitation architecture for mobile devices such as cell phones, smartphones, personal data assistants (PDAs), pagers, handheld computers,phone-enabled laptop computers, and other mobile electronic devices, andmore particularly, to a peer-to-peer immediate messaging solution formobile devices.

BACKGROUND INFORMATION

Instant messaging (IM) is a service that alerts users when anotherindividual, such as a friend or colleague, is online and allows them tosend messages to each other in real time, without the store-and-forwarddelays inherent in an electronic mail solution. With instant messaging,each user creates a list of other users with whom he or she wishes tocommunicate (commonly referred to as “buddy lists”). An instantmessaging server keeps track of the online status of each of itssubscribed users (often referred to as presence information), and whensomeone from a user's buddy list is online, the service alerts that userand enables immediate contact with the other user.

IM solutions are multiplying quickly and are showing up not only inland-line environments but also in wireless environments used by mobiledevices such as cell phones, smart phones, personal data assistants(PDAs), pagers, phone-enabled laptop computers, and other mobileelectronic devices. Wireless environments offer the potential for strongIM solutions, based on the time a user carries their mobile device withthem. The number of available mobile devices that can run IM solutionsis in the hundreds of millions.

It is well known in the art to port IM clients to a mobile device inorder to gain access to one of the many IM services available. Theseservices include AOL's Instant Messenger (AIM), ICQ, Yahoo! andMicrosoft's MSN Messenger products. These products are known to havetens of millions of users supported by each IM server, and thesecommunities are sometimes inter-connected to produce even largercommunities. However, land-line and desktop-based IM solutions fallsshort of what a user that is often mobile wants and needs, namely goodIM functionality wherever they may be with their mobile device.Additionally, the small screens and memories of mobile devices oftenresult in a frustrating experience for people on the road trying to useIM. These people are forced to accept the poor performance andexperience of existing IM solutions because they want or need to reachland-line users operating legacy desktop IM solutions and have no otheralternatives to select from. There is thus a need for a better and morecomplete messaging solution (that enables immediate messaging like IM)that is designed for wireless mobile electronic devices that can takeadvantage of the “always on” nature of a mobile device.

Another problem with existing IM applications is the lack of security.With existing IM applications, it is easy to share the identity ofusers, meaning that one's identity may be widely disseminated withoutpermission and one might therefore receive messages from an unknown orunwanted source. This leads to a proliferation of junk messages, spam,viruses, and other security concerns. It is also difficult to verify orauthenticate the source of an invitation to initiate messaging, whichmay give rise to impersonation and related security issues.

Another common wireless messaging standard is short message service(SMS), used throughout North America and especially in European Chinaand India. This service also has many flaws. First, the addressing ofeach SMS user must be performed through their MS-ISDN, or telephonenumber. This phone number is extremely easy to pass around and it isimpossible to verify the authenticity of the sender. Second, there is noimplied presence, or any actual delivery information, so the exchange ofinformation has a lot of risk associated with it. SMS also has noconcept of a conversation that lasts forever, and in fact there are noSMS devices that keep long-term status information regarding an SMSconversation with another party.

BRIEF DESCRIPTION OF THE DRAWINGS

Embodiments will now be described, by way of example only, withreference to the attached Figures, wherein:

FIG. 1 is a block diagram of a system providing immediate peer-to-peermessaging between mobile devices;

FIG. 2 is a view of a portion of a display of a mobile device showing anexemplary contact database screen which is part of a peer-to-peermessaging application;

FIG. 3 is a view of a portion of a display of a mobile device showing anexemplary status screen forming a part of a peer-to-peer messagingapplication;

FIG. 4 shows an example embodiment of a graphical user interface fornotifying a user of receipt of a messaging invitation;

FIG. 5 shows, in block diagram form, a mobile device configured toprovide peer-to-peer messaging; and

FIG. 6 shows, in flowchart form, a method for securely exchangingpersonal identification numbers in a mobile messaging system.

Like reference numerals are used throughout the Figures to denotesimilar elements and features.

DETAILED DESCRIPTION

The present application describes a system and a method that provide forimmediate peer-to-peer messaging between mobile devices. The system andmethod provide increased security by maintaining the secrecy of theunderlying address identity of each user of a mobile device in thesystem. An invitation architecture is disclosed which enables theexchange of personal identification numbers (PINs) without requiring auser to directly access or provide his or her PIN. A messagingapplication encrypts its associated PIN before providing it to amessaging application on another mobile device through an existingcommunication application. The invitation architecture automaticallymanages the encryption, any requisite key exchanges, the composition ofinvitation and acceptance messages, and the decryption and storage ofPINs.

In one aspect, the present application provides a method of securelyexchanging personal identification numbers between a first mobile deviceand a second mobile device. The mobile devices are used in a systemincluding a wireless network and a routing server coupled to thewireless network. Each mobile device has one or more communicationsapplications and each mobile device further has a messaging application.The first mobile device has a first personal identification number andthe second mobile device has a second personal identification number.The method includes the steps of encrypting the first personalidentification number, sending the encrypted first personalidentification number from the first mobile device to the second mobiledevice using one of the communication applications, and decrypting theencrypted first personal identification number and storing the firstpersonal identification number in a memory on the second mobile device.The method also includes the steps of encrypting the second personalidentification number, sending the encrypted second personalidentification number from the second mobile device to the first mobiledevice using one of the communication applications, and decrypting theencrypted second personal identification number and storing the secondpersonal identification number in a memory on the first mobile device.After this exchange of PINs, peer-to-peer messages are exchanged betweenthe first mobile device and the second mobile device using the messagingapplications. Each peer-to-peer message contains one of the personalidentification numbers and each peer-to-peer message is routed by therouting server based upon the personal identification numbers.

In another aspect, the present application provides a peer-to-peermessaging system. The system includes a plurality of mobile devices, awireless network, and a routing server coupled to the wireless network.Each mobile device has one or more communication applications and eachmobile device includes a memory storing a first personal identificationnumber. Each mobile device also includes a messaging application whereinthe messaging application includes an encryption component, a decryptioncomponent, a contact management component, and a messaging component.The encryption component is for encrypting the first personalidentification number and for embedding the encrypted first personalidentification number into a communication for transmission to anothermobile device using one of the communication applications. Thedecryption component is for receiving an incoming communication from theanother mobile device via the one of the communication applications,wherein the incoming communication includes an encrypted second personalidentification number, and for extracting and decrypting the encryptedsecond personal identification number. The contact management componentis for automatically managing the exchange of invitations andacceptances with the another mobile device using the one of thecommunication applications. The messaging component is for sending andreceiving peer-to-peer messages, whereby the peer-to-peer messages eachinclude one of the personal identification numbers, and wherein thepeer-to-peer messages are routed by the routing server based upon thepersonal identification numbers.

In yet another aspect, the present application provides a mobile devicefor engaging in peer-to-peer messaging with other mobile devices over awireless network. The wireless network includes a routing server. Themobile device includes a communications subsystem for engaging inwireless communication with the wireless network, memory for storing afirst personal identification number, and a processor connected to thememory and to the communications subsystem for controlling operation ofthe communications subsystem. The mobile device also includes acommunication application for composing and sending communications tothe other mobile devices and a messaging application. The messagingapplication includes an encryption component, a decryption component, acontact management component, and a messaging component. The encryptioncomponent is for encrypting the first personal identification number andfor embedding the encrypted first personal identification number into acommunication for transmission to another mobile device using one of thecommunication applications. The decryption component is for receiving anincoming communication from the another mobile device via the one of thecommunication applications, wherein the incoming communication includesan encrypted second personal identification number, and for extractingand decrypting the encrypted second personal identification number. Thecontact management component is for automatically managing the exchangeof invitations and acceptances with the another mobile device using theone of the communication applications. The messaging component is forsending and receiving peer-to-peer messages, whereby the peer-to-peermessages each include one of the personal identification numbers, andwherein the peer-to-peer messages are routed by the routing server basedupon the personal identification numbers.

In a further aspect, the present application discloses a methodimplemented by a mobile device in a system comprising the mobile device,a wireless network and a routing server coupled to the wireless network,the mobile device having a user interface and a plurality ofcommunications applications and further having a messaging application,the mobile device having a first personal identification number. Themethod includes receiving an invitation via one of the communicationsapplications, the invitation including a question; displaying thequestion; receiving through the user interface an answer in response tothe question; encrypting the first personal identification number;transmitting the answer and the encrypted first personal identificationnumber in response to the received invitation; receiving an encryptedsecond personal identification number in response to the transmittedfirst personal identification number; and decrypting the encryptedsecond personal identification number. The peer-to-peer messages aresent and received by the mobile device using said messaging application,and each transmitted peer-to-peer message contains the second personalidentification number, each received peer-to-peer message contains thefirst personal identification number, and each peer-to-peer message isrouted by the routing server based upon said personal identificationnumbers.

In yet a further aspect, the present application discloses a methodimplemented by a mobile device in a system comprising said mobiledevice, a wireless network and a routing server coupled to the wirelessnetwork, the mobile device having one or more communicationsapplications and further having a messaging application, the mobiledevice having a first personal identification number. The methodincludes sending an invitation via one of the communicationsapplications, the invitation including a question, the question having astored answer; encrypting the first personal identification number;receiving a user-submitted answer and an encrypted second personalidentification number in response to the invitation; confirming that theuser-submitted answer matches the stored answer; decrypting the secondencrypted personal identification number; and transmitting the encryptedfirst personal identification number in response to receipt of theencrypted second personal identification number. The wherebypeer-to-peer messages are sent and received by the mobile device usingsaid messaging application, and each transmitted peer-to-peer messagecontains the second personal identification number, each receivedpeer-to-peer message contains the first personal identification number,and each peer-to-peer message is routed by the routing server based uponsaid personal identification numbers.

In another aspect, the present application discloses a mobile device foruse in a peer-to-peer messaging system comprising said mobile device, awireless network, and a routing server coupled to the wireless network.The mobile device includes a first memory storing a first personalidentification number; one or more communication applications; a firstencryption component configured to encrypt said first personalidentification number and decrypt an encrypted second personalidentification number using an encryption key; a first contactmanagement component configured to receive an invitation via one of saidone or more communication applications, the invitation including aquestion, display the invitation including the question, receive ananswer via a user interface in response to the question, transmit theanswer and the encrypted first personal identification number inresponse to the invitation, and receive the encrypted second personalidentification number in response to transmission of the encrypted firstpersonal identification number; and a first messaging application forsending and receiving peer-to-peer messages. Each transmittedpeer-to-peer message includes the second personal identification number,each received peer-to-peer message includes the first personalidentification number, and said peer-to-peer messages are routed by therouting server based upon said personal identification numbers.

In yet a further aspect, the present application discloses apeer-to-peer messaging system, comprising the mobile device describedabove and another mobile device. The another mobile device includes asecond memory storing the second personal identification number, one ormore communication applications, a second encryption componentconfigured to encrypt said second personal identification number anddecrypt the encrypted first personal identification number using theencryption key, a second contact management component configured to sendthe invitation to the mobile device using said one of said communicationapplications, receive an acceptance from said mobile device containingsaid answer, receive the encrypted first personal identification numberfrom the mobile device, confirm that the received answer matches astored answer, and transmit the encrypted second personal identificationnumber to the mobile device, and a second messaging application forsending and receiving peer-to-peer messages.

Other aspects and features of the present application will be apparentto one of ordinary skill in the art in light of the following detaileddescription and drawings depicting one or more embodiments.

Referring now to the drawings, FIG. 1 is a block diagram of a system 5for enabling immediate peer-to-peer messaging. System 5 includes aplurality of mobile stations 10, such as mobile devices 10A and 10Bshown in FIG. 1, which may be any type of wireless mobile electroniccommunications device such as a cell phone, a smart phone, a personaldata assistant (PDA), a pager, a handheld computer or a phone-enabledlaptop computer, to name a few. As is known, each mobile device 10 maybe provided with various applications, including, without limitation,one or more currently existing applications that enable communicationwith other mobile devices 10, such as a wireless telephone application,an email application, a short message service (SMS) application, amultimedia messaging service (MMS) application, an enhanced messageservice (EMS) application, and other Internet enable messagingapplications (each of which may be referred to herein as an “existingcommunications application”). In addition, each mobile device 10 isprovided with an application that implements the peer-to-peer messagingsolution described herein (referred to herein as the “messagingapplication”). The term “application” as used herein shall include oneor more programs, routines, subroutines, function calls or other type ofsoftware or firmware and the like, alone or in combination. System 5also includes wireless network 15, which may be any wirelesscommunications network or combination of interconnected networks,including, without limitation, Mobiltex™, DataTAC™, AMPS, TDMA, CDMA,GSM/GPRS, PCS, EDGE, UMTS or CDPD. As is known, wireless network 15includes a plurality of base stations that perform radio frequency (RF)protocols to support data and voice exchanges with mobile devices 10Aand 10B. Routing server 20 is coupled to wireless network 15. Routingserver 20 may be any type of routing equipment capable of routing datapackets, including, without limitation, a TCP/IP router such as thosesold by Cisco Systems, Inc. of San Jose, Calif., or a network addresstranslation server (NAT).

Each mobile device 10 of system 5 is assigned and stores a uniquepersonal identification number (PIN). The PIN for each mobile device 10may be assigned and stored therein when it is manufactured or throughits subscriber identity module (SIM). Each PIN is mapped to a networkaddress for the corresponding mobile device 10 on wireless network 15that enables data to be routed to the mobile device 10. Routing server20 includes one or more routing tables for routing messages sent bymobile devices 10 based on this mapping. In one exemplary embodiment,the PIN may actually be the network address itself, and in anotherexemplary embodiment, the PIN may be the phone number of the mobiledevice 10 or a unique ID such as the mobile subscriber ISDN (MSISDN) forthe mobile device 10, and the network address may be an IP address orthe like. It will be understood that the term “personal identificationnumber” or “PIN” used herein is not intended to be limited solely tonumeric identifiers, but is to be understood broadly and may includealphanumeric identifiers, binary identifiers, or other identifiers thatcan be used to enable peer-to-peer messaging.

For convenience in describing the establishment and maintenance of apeer-to-peer messaging session between two mobile devices 10, referencewill be made to mobile device 10A and 10B shown in FIG. 1. It will beappreciated, however, that the same description will apply to apeer-to-peer messaging session between any two mobile devices 10. When auser of mobile device 10A wants to establish a peer-to-peer messagingsession with another mobile device 10, such as mobile device 10B, mobiledevice 10A creates and sends an invitation to mobile device 10B usingone or more of the existing communications applications common to bothmobile device 10A and mobile device 10B. Preferably, this is facilitatedand accomplished through the peer-to-peer messaging application usingappropriate menus and/or dialog boxes displayed to the user on a displayof mobile device 10A. For example, in one embodiment, the user initiatesan invitation through selecting an invitation option in a dialog box ormenu associated with the messaging application. The user may be promptedto provide address information for routing the invitation using theexisting communication application. For example, the user may provide anemail address associated with mobile device 10B. The messagingapplication then causes an e-mail to be composed and sent to mobiledevice 10B using an e-mail application.

The invitation in each case consists of a message appropriate for theparticular existing communications application, such as an email, SMS,EMS, or MMS message or a wireless telephone call, that includes someform of a request as to whether the user of mobile device 10B wants toaccept the invitation and establish a peer-to-peer messaging sessionwith mobile device 10A using mobile device 10B and an indicator(s) thatidentifies the message as an invitation to engage in peer-to-peermessaging. The indicator(s) may include an attachment, embedded text, orother data elements that enable the messaging application on mobiledevice 10B to recognize the message as an invitation. The messagingapplication is configured to monitor the “inbox” or watch for receipt ofmessages in connection with one or more of the existing communicationapplications. In particular, the messaging application monitors incomingmessages to determine if they contain the indicator(s) that wouldsignify that the message is a peer-to-peer messaging invitation.

Upon receipt of such an invitation, the messaging application on mobiledevice 10B invokes an acceptance process or routine. In particular, themessaging application notifies the user of mobile device 10B that aninvitation has been received and solicits input from the user as towhether or not the invitation should be accepted. The notification mayinclude information identifying the user of mobile device 10A, such asan e-mail address or other such information as may be obtained from theinvitation. In one embodiment, the notification may be presented to theuser of mobile device 10B by the messaging application in the form of adialog box, menu, pop-up window or other graphical user interface (GUI).The notification window or interface may, in one embodiment, includeselectable buttons or other graphical input features to allow the userof the mobile device 10B to indicate whether or not the invitation isaccepted.

If the user of mobile device 10B indicates that he or she accepts theinvitation and therefore wishes to establish a peer-to-peer messagingsession, for example by selecting an “accept” button on the GUI, thenthe messaging application on mobile device 10B causes an acceptancecommunication to be transmitted to the originating mobile device 10A byway of the appropriate existing communication application. For example,in one embodiment the messaging application causes an acceptance e-mailto be composed and sent using the e-mail application. The messagingapplication on mobile device 10A is configured to recognize receipt ofan acceptance message, like an acceptance e-mail.

In addition to, or in conjunction with, exchanging an invitation andacceptance using the existing communication applications, the mobiledevices 10A and 10B exchange PINs. In one embodiment, the PIN for mobiledevice 10B is sent with the acceptance message. In one embodiment, thePIN for mobile device 10A may be sent with either the invitation messageor with a subsequent acknowledgement message after receipt of theacceptance message.

In accordance with the present application, the secrecy andconfidentiality of the PINs is maintained despite the need to exchangethem between mobile devices. If a user's PIN is made generally availableto another user by sending it over an unsecured channel, then it is easyfor the other user to share the PIN with a wide range of users or it iseasy for an unauthorized recipient to intercept a message and obtain thePIN. Most of the existing communication applications, like e-mail,utilize unsecured channels. As a result a mobile device may receivemessages from unwanted sources that have obtained the PIN for the mobiledevice. Accordingly, the PINs are exchanged in an encrypted form inembodiments disclosed in the present application.

The encrypted PINs may be embedded directly within the messages sentusing the existing communication applications or may be attached to themessages. For example, with an e-mail application the encrypted PIN maybe attached as a binary file. It will be appreciated that e-mail havinga binary file attached may encounter problems in traversing firewallsand spam filters. Accordingly, in another embodiment, the encrypted PINis embedded directly within the body of the e-mail. In this embodiment,a reader of the e-mail will see the encrypted PIN as a series ofincomprehensible text symbols, however the messaging application isconfigured to extract and decrypt the encrypted PIN. Additional detailsregarding the exchange of encrypted PINs and related key management andkey exchange operations are provided below.

As will be appreciated, once the above steps are complete, mobile device10A will have the PIN for mobile device 10B, and mobile device 10B willhave the PIN for mobile device 10A. Now, if either mobile device 10A or10B desires to send a peer-to-peer message to the other, it prepares apeer-to-peer message using the peer-to-peer messaging application thatincludes the PIN of the recipient mobile device 10 (10A or 10B, as thecase may be), preferably in the message header, along with the messageinformation that is to be sent. The peer-to-peer message is then sent bythe mobile device 10 through wireless network 15 to routing server 20.Routing server 20 obtains the PIN from the peer-to-peer message and usesit to determine the network address of the recipient mobile device 10(10A or 10B, as the case may be) using the routing table(s) storedtherein, and sends the message to the recipient mobile device 10 (10A or10B, as the case may be) through wireless network 15 using thedetermined network address. Once received, the peer-to-peer message, andin particular the message information contained therein, may bedisplayed to the user of the recipient mobile device 10 (10A or 10B, asthe case may be).

Reference is now made to FIG. 5, which shows a block diagram of anexample embodiment of a mobile device 10. In the example embodiment, themobile device 10 is a two-way mobile communication device 10 having dataand possibly also voice communication capabilities. In an exampleembodiment, the device 10 has the capability to communicate with othercomputer systems on the Internet. Depending on the functionalityprovided by the device 10, in various embodiments the device may be adata communication device, a multiple-mode communication deviceconfigured for both data and voice communication, a mobile telephone, aPDA enabled for wireless communication, or a computer system with awireless modem, among other things.

The device 10 includes a communication subsystem 111, including areceiver 112, a transmitter 114, and associated components such as oneor more, preferably embedded or internal, antenna elements 116 and 118,and a processing module such as a digital signal processor (DSP) 120. Insome embodiments, the communication subsystem includes localoscillator(s) (LO) 113, and in some embodiments the communicationsubsystem 111 and a microprocessor 138 share an oscillator. As will beapparent to those skilled in the field of communications, the particulardesign of the communication subsystem 111 will be dependent upon thecommunication network in which the device 10 is intended to operate.

Signals received by the antenna 116 through the wireless network 15 areinput to the receiver 112, which may perform such common receiverfunctions as signal amplification, frequency down conversion, filtering,channel selection and the like, and in some embodiments, analog todigital conversion. In a similar manner, signals to be transmitted areprocessed, including modulation and encoding for example, by the DSP 120and input to the transmitter 114 for digital to analog conversion,frequency up conversion, filtering, amplification and transmission overthe wireless network 15 via the antenna 118.

The device 10 includes the microprocessor 138 that controls the overalloperation of the device. The microprocessor 138 interacts with thecommunications subsystem 111 and also interacts with further devicesubsystems such as the graphics subsystem 144, flash memory 124, randomaccess memory (RAM) 126, a subscriber identity module (SIM) 156,auxiliary input/output (I/O) subsystems 128, serial port 130, keyboardor keypad 132, speaker 134, microphone 136, a short-range communicationssubsystem 140, and any other device subsystems generally designated as142. The graphics subsystem 144 interacts with the display 122 andrenders graphics or text upon the display 122.

Operating system software 154 and various software applications 158 usedby the microprocessor 138 are, in one example embodiment, stored in apersistent store such as flash memory 124 or similar storage element.Those skilled in the art will appreciate that the operating system 154,software applications 158, or parts thereof, may be temporarily loadedinto a volatile store such as RAM 126. It is contemplated that receivedcommunication signals may also be stored to RAM 126.

The microprocessor 138, in addition to its operating system functions,preferably enables execution of software applications 158 on the device.A predetermined set of communication applications 162 may be installedon the device 10 during manufacture. The communication applications 162may include data communication applications and/or voice communicationapplications. A typical data communication application may include anelectronic messaging module for allowing a user to receive, read,compose, and send text-based messages. For example, the electronicmessaging module may include an e-mail application, a SMS application,an MMS application, and/or an EMS application. Further softwareapplications 158 and/or communication applications 162 may also beloaded onto the device 10 through the network 15, the auxiliary I/Osubsystem 128, serial port 130, short-range communications subsystem 140or any other suitable subsystem 142, and installed by a user in the RAM126 or a non-volatile store for execution by the microprocessor 138.Such flexibility in application installation increases the functionalityof the device 10 and may provide enhanced on-device functions,communication-related functions, or both.

In a data communication mode, a received signal such as a text messageor web page download will be processed by the communication subsystem111 and input to the microprocessor 138, which will preferably furtherprocess the received signal for output to the display 122 through thegraphics subsystem 144, or alternatively to an auxiliary I/O device 128.A user of device 10 may also compose data items within a softwareapplication 158 or a communication application 162, such as emailmessages for example, using the keyboard 132 in conjunction with thedisplay 122 and possibly an auxiliary I/O device 128. Such composeditems may then be transmitted over a communication network through thecommunication subsystem 111.

The serial port 130 shown in FIG. 5 would normally be implemented in apersonal digital assistant (PDA)-type communication device for whichsynchronization with a user's desktop computer (not shown) may bedesirable, but is an optional device component. Such a port 130 wouldenable a user to set preferences through an external device or softwareapplication and would extend the capabilities of the device by providingfor information or software downloads to the device 10 other thanthrough a wireless communication network.

The short-range communications subsystem 140 is a further componentwhich may provide for communication between the device 10 and differentsystems or devices, which need not necessarily be similar devices. Forexample, the subsystem 140 may include an infrared device and associatedcircuits and components or a Bluetooth™ communication module to providefor communication with similarly enabled systems and devices. The device10 may be a handheld device.

The device 10 further includes a messaging application 160. Themessaging application 160 includes a monitoring component, an invitationcomponent and an acceptance component, which may collectively bereferred to as a contact management component. The role of the contactmanagement component is to establish contact or “buddy” relationships,i.e. to update and maintain the contact information, based on thesending out of or the receiving of invitations and acceptances with newcontacts. The messaging application 160 further includes a messagingcomponent for performing peer-to-peer messaging using the contactinformation.

The PIN associated with the mobile device 10 is stored in memory. Itmay, for example, be stored in the SIM 156, in RAM 126, in firmware orotherwise. Also stored in memory on the device 10 is contact informationfor use in association with the messaging application 160. The contactinformation contains contact names and associated PINs. The invitationcomponent of the messaging application 160 composes and sendsinvitations to prospective contacts. A user of the device 10 instructsthe messaging application 160 to send an invitation to another device.The user may provide an address for reaching the other device, such asan e-mail address. The invitation component generates and sends aninvitation message through one of the communication applications 162,such as the e-mail application.

The monitoring component of the messaging application 160 watches forreceipt of invitation messages from other mobile devices 10. Forexample, the monitoring component may monitor the inbox of the emailapplication to assess whether any received messages are messaginginvitations. A messaging invitation may include predefined text, a code,or some other data element to signify that it is a messaging invitation.If the monitoring component identifies an invitation, then it may notifythe user and prompt the user to accept or reject the invitation. Forexample, the monitoring component may display a dialog box or pop-upwindow showing information regarding the sender of the invitation andoffering selections to the user, such as “accept” and “reject” buttons.If the user indicates acceptance of the invitation, then the acceptancecomponent is triggered.

The acceptance component automatically generates and sends an acceptancemessage through one of the communication applications 162, such as thee-mail application.

The messaging application 160 includes components for performingencryption, decryption, and related key management functions forexchanging PINs. These components may be provided as a part of theinvitation and acceptance components or as separate componentsinteracting therewith. These components manage the encryption of aresident PIN, the generation or calculation of any required key valuesor session keys, the attachment or embedding of encrypted PINs intomessages for transmission through one of the existing communicationapplications 162, and the decryption of encrypted PINs received fromother mobile devices 10 through one of the communication applications162. Further detail regarding encryption, decryption, and key exchangewithin the context of the invitation architecture is given below.

Reference is again made to FIG. 1. In one embodiment, security may beincreased in peer-to-peer messaging by sending invitations as describedabove over multiple communication paths using multiple existingcommunications applications. As will be appreciated, each communicationpath confirms a different address identity for the sender of theinvitation, thus helping to confirm the authenticity of the invitation.For example, the user of mobile device 10A may wish to establish apeer-to-peer messaging session with the user of mobile device 10B bysending an invitation as described above using both an email applicationand an SMS application. In this case, when the invitation messages arereceived by mobile device 10B, the “inbox” or the like of mobile device10B will show two messages from mobile device 10A, i.e., the emailinvitation and the SMS invitation. When the messages arrive, the user ofmobile device 10B could be working in any application of mobile device10B, such as the calendar application, the address book application, thebrowser application or the phone application, or not currently usingmobile device 10B at all (although it is powered on). The user will benotified of the arrival of the invitation messages in the same manner asany other message received by mobile device 10B (e.g., by beeping and/orvibrating). When the user of mobile device 10B opens either of these twomessages, the peer-to-peer messaging application will be invoked toprocess the message. The automatic invocation of the peer-to-peermessaging application may be accomplished by providing each invitationmessage, regardless of form, with special indicators to indicate that itis an invitation for a peer-to-peer messaging session and by programmingthe peer-to-peer application to monitor all incoming messages for suchindicators. In addition, each invitation message, when created withinthe peer-to-peer messaging application, will include an indication ofthe number (over different paths) of invitation messages that were sent.In the case where multiple paths are used, as in this example, thepeer-to-peer messaging application will next scan the “inbox” or thelike for the other invitation message(s). For example, if the emailinvitation message is opened first, the peer-to-peer application willscan the “inbox” or the like for the SMS invitation message. Asdescribed above, the invitation messages may be identified by thespecial indicators provided therewith. The peer-to-peer messagingapplication in this embodiment will not provide the user of mobiledevice 10B with the ability to accept the invitation until the otherinvitation message(s) is found. Once the other invitation message(s) isfound, the user of mobile device 10 may accept the invitation asdescribed above, reject the invitation, or postpone the decision toaccept or reject.

Reference is now made to FIG. 4, which shows an example embodiment of agraphical user interface 200 for notifying a user of receipt of amessaging invitation. The graphical user interface 200 includes a pop-updialog box 204 overlaid or cascaded on top of an inbox display screen202. The pop-up dialog box 204 shown in FIG. 4 indicates the name of thesender, the time, the date, and confirms that multiple paths were usedin sending the invitation, which provides some authentication as to thesource. The pop-up dialog box 204 also presents the user with threeselectable buttons corresponding to the options of accepting theinvitation, rejecting the invitation, and delaying a decision on whetherto accept or reject the invitation.

Reference is again made to FIGS. 1 and 5. As noted above, in theinvitation architecture described in the present application therespective PINs of the mobile devices 10 are covertly exchanged usingone of the existing communication applications. A sending mobile deviceencrypts its PIN prior to transmitting it using the communicationapplication. At the receiving mobile device, the received encrypted PINis decrypted. Through appropriate key management, access to theunencrypted PIN is limited to the messaging applications on therespective two mobile devices.

There are a number of encryption and key management techniques that maybe employed in various embodiments within the scope of the presentapplication. Moreover, the particular transformation or function thatmay be used in conjunction with a key value to convert the PIN into anencrypted PIN may include a wide range of cryptographic transformationsor functions. Those of ordinary skill in the art will appreciate that awide range of such functions are known and may be selected, havingregard to the processing power and any time constraints associated witha particular application or system.

In one embodiment, the messaging application 160 employs symmetricencryption. Symmetric encryption is a cryptographic technique wherein itis computationally easy to determine one key from another key in the keypair. In most symmetric encryption schemes, the keys are identical.Symmetric encryption relies upon the secrecy of the keys. Accordingly,the key pair is usually distributed securely, and not over unsecuredchannels. In one embodiment, the user of mobile device 10A uses arelatively secure channel, such as a voice channel, to provide the userof mobile device 10B with a key value or a seed value from which the keymay be derived. For example, the first user may provide the second userwith a codeword or password which the second user enters into the mobiledevice 10B when prompted. The codeword or password may be used as a seedvalue in conjunction with an algorithm to compute the secret key for usein encrypting and decrypting communications.

In another embodiment, the messaging application 160 employs public-keyencryption. Public-key encryption is a cryptographic technique having anencryption transformation and decryption transformation wherein it iscomputationally infeasible to determine the decryption transformationfrom the encryption transformation. In other words, the encryptionfunction is a trap-door one-way function that provides an output ciphertext. Even knowing the cipher text and the encryption key, one cannotdetermine the decryption key and thereby obtain the unencrypted content.

Public-key encryption functions by having each mobile device 10 generatea public-private key pair. Each device shares its public key butprotects the secrecy of its private key. Other devices may encryptmessages to a first device using the first device's public key, and onlythe first device will be able to decipher the messages since only thefirst device has the corresponding private key.

In the context of the messaging system described herein, the messagingapplications 160 include a component for managing key pair generationand key exchanges. The key pair may be generated from a random seedvalue, such as, for example the time and date or other pseudo-randomseeds. The public key for each mobile device 10 is communicated to theother mobile device 10 using one of the communication applications 162.For example, the public key value may be embedded or attached to ane-mail sent from one mobile device 10A to the other mobile device 10B.In some embodiments, the messaging application 160 on the initiatingmobile device 10A embeds or attaches its public key K_(a) to theinvitation message sent to the receiving mobile device 10B. Thereceiving mobile device 10 in turn embeds or attaches its public keyK_(b) to the acceptance message sent to the initiating mobile device10A. In one embodiment, the communication application 162 employed bythe messaging application 160 to implement the invitation and acceptanceprocedure is an e-mail application. In such an embodiment, the publickeys may be attached to the e-mail as binary files. They mayalternatively be embedded in the body of the e-mail text. Those ofordinary skill in the art will be familiar with the range ofpossibilities for attaching or embedding public key data into existingcommunication application messages.

Reference is now made to FIG. 6 which shows, in flowchart form, a method300 for securely exchanging PINs in a mobile messaging system. Themethod 300 shown in FIG. 6 relates to an embodiment employing a publickey encryption scheme.

The method 300 begins in step 302 with the generation of a firstpublic-private key pair, E_(A), D_(A), by the messaging application 160(FIG. 5) of the first device 10A (FIG. 1). The key pair may be generatedfor each invitation sent by the device 10A or it may be generated onlyonce, or only periodically, by the device 10A and used for more than oneinvitation messaging process.

In step 310, the second device 10B generates the second public-privatekey pair, E_(B), D_(B). As with step 302, step 310 may be performed anewfor each invitation received or may be calculated once (or periodically)and used in more than one invitation messaging process. It will beappreciated that the public-private key pair E, D, generated by a device10 may be used for both sending invitations as an initiating device orfor responding to invitations as a receiving device. In someembodiments, the key pair is generated off-line and is stored on thedevice 10 at the time of manufacturing or deployment.

The user of device 10A triggers an invitation process by providing aninvitation command to the messaging application 160. The invitationcommand may be selected by the user from a menu. The user may berequired to provide address or other contact information for theintended recipient of the invitation. The invitation command invokes theinvitation component of the messaging application 160, which composes aninvitation message in step 304. The message is composed using one of thecommunication applications 162, such as an e-mail application. Themessaging application 160 ensures that the composed message includes anindicator to alert the messaging application 160 on the receiving mobiledevice 10B to the fact that the message is an invitation.

In step 306, the messaging application 160 attaches or embeds the firstpublic key E_(A) into the composed invitation message. In oneembodiment, the message is an e-mail message and the first public keyE_(A) is inserted in the text body of the e-mail message so as to enablethe message to traverse firewalls and spam filters.

In step 308, the communication application sends the invitation messageto the receiving mobile device 10B. This message appears in the “inbox”for the communication application at the receiving mobile device 10B.Either on receipt of the invitation message or once the user opens theinvitation message, the monitoring component of the messagingapplication 160 recognizes it to be an invitation. Accordingly, in step312, the messaging application 160 is triggered.

The messaging application 160 queries the user in step 314 to determinewhether the user wishes to accept or reject the invitation. If the userrejects the invitation, then the method 300 ends. If the user acceptsthe invitation, then the messaging application 160 extracts the firstpublic key E_(A) from the invitation message in step 316. In step 318,it then uses the extracted first public key E_(A) to encrypt the PIN forthe second mobile device 10B (i.e. PIN_(B)) in accordance with apredefined encryption transformation or function. The messagingapplication 160 then composes an acceptance message in step 320 fortransmission through one of the communication applications 162, such asan e-mail application. The acceptance message includes the encryptedPIN_(B) and the second public key E_(B). The encrypted PIN_(B) and thesecond public key E_(B) may be embedded or attached to the acceptancemessage. The acceptance message is then sent to the first mobile device10A in step 322.

The messaging application 160 on the first mobile device 10A recognizesthe acceptance message, either on receipt or once the user opens themessage, and it extracts the second public key E_(B) from the acceptancemessage in step 324. In step 326, the messaging application 160 encryptsthe PIN for the initiating mobile device 10A (i.e. PIN_(A)) inaccordance with the predefined encryption transformation or function.The messaging application 160 then composes an acknowledgement messagein step 328 for transmission through one of the communicationapplications 162, such as an e-mail application. The acknowledgementmessage includes the encrypted PIN_(A), which may be embedded orattached to the acknowledgement message. The acknowledgement message isthen sent to the second mobile device 10B in step 330.

Each mobile device 10 decrypts the encrypted PIN it has received usingits private key D_(A), D_(B), respectively, as shown in steps 332 and334. The devices 10 then store the decrypted PINs in association withcontact information for the user of the other device 10. Accordingly,the user of the other device 10 is now part of a “buddy list” or contactlist for use by the messaging application 160. Messages may now be sentdirectly from one user to the other user using the messaging applicationto compose messages that incorporate the PIN of the other user forrouting.

In yet another embodiment, the messaging applications 160 employ theDiffie-Hellman key agreement protocol to establish a secret key sharedbetween the two mobile devices 10. The protocol requires two parametersp and g, wherein p is a prime number and g is a number less than p, withthe property that for every number n between 1 and p−1 inclusive, thereis a power k of g such that n=g^(k) mod p. In the context of themessaging applications 160 in the peer-to-peer messaging system of thepresent application, a first messaging application generates a privatevalue a and a public value g^(a) mod p, where a is an integer selectedfrom 1 to p−2. The second messaging application generates its ownprivate value b and its public value g^(b) mod p, wherein b is aninteger from 1 to p−2. The messaging applications exchange publicvalues, as described above in conjunction with FIG. 5, and thencalculate a shared session key k from the relation k=g^(ba)=(g^(a))^(b)mod p.

In yet another embodiment, the invitation architecture of the presentapplication includes a passcode-based authentication procedure. Theinvitation sent from a first mobile device to a second mobile deviceincludes a question. The GUI dialog box present the user of the secondmobile device includes display of the question and provides the userwith an opportunity to select or submit an answer. The answer istransmitted with the acceptance message sent from the second device tothe first device. The first device compares the answer contained in theacceptance message with the correct answer stored at the first mobiledevice to authenticate the identity of the user of the second mobiledevice. The user of the first mobile device may provide the user of thesecond mobile device with the correct answer via an alternativecommunication application, such as through a voice call. Thepasscode-based authentication procedure provides enhanced security forensuring that a messaging relationship is established between thecorrect parties.

Reference is once again made to FIG. 1. According to another aspect ofthe present application, the peer-to-peer messaging application of eachmobile device 10 includes a contact database that stores the name and/orother identifying information and corresponding PIN for each user ofanother mobile device 10 with whom the user of the mobile device 10 hascommunicated or may wish to communicate using the peer-to-peer messagingapplication. This contact database is thus similar to the “buddy lists”that are part of IM applications. User and PIN information may be addedto and stored in the contact database each time the user establishes apeer-to-peer messaging session with another user. Entries may also beselectively deleted from the contact database by a user. FIG. 2 is aview of a portion of a display of a mobile device 10 showing anexemplary contact database screen 25 which is part of the peer-to-peermessaging application and displays a listing 30 of contacts stored inthe contact database. As seen in FIG. 2, contact database screen 25 alsoprovides status information 35 for each contact listed in listing 30that relates to the likely availability of the particular contact toparticipate in a peer-to-peer messaging session, referred to as “impliedavailability.” This availability information is discussed in greaterdetail below.

According to a further aspect of the present application, each mobiledevice 10 (referred to as the “first mobile device 10” for clarity)periodically transmits, such as every ten minutes to minimize datatraffic, availability information pertaining to it to the mobile devices10 of each of the users listed in the contact database of the firstmobile device 10 (referred to as the “other mobile devices 10” forclarity) through wireless network 15 and routing server 20 using thestored PIN of each of those users. In one particular embodiment, if anyof the other mobile devices 10 is off or out of coverage range, routingserver 20 will queue a number of availability information messagesintended for such other mobile devices 10, and will deliver them oncethe other mobile devices 10 are turned on or are back in coverage range.The availability information, which will change over time, is derivedfrom the current operational state of the first mobile device 10. Theavailability information is intended to provide an indication of theuser's activity in the first mobile device 10 in order to give each ofthe users of the other mobile devices 10 in the contact database anestimate of how likely it is that the user of the first mobile device 10will read and reply to a peer-to-peer message sent to the user of thefirst mobile device 10. Thus, because all of the mobile devices 10 insystem 5 (unless disabled as described below) transmit theiravailability information to all of their contacts, it will beappreciated that each mobile device 10 in system 5 will haveavailability information for each of the other users in its contactdatabase. As a result, a user of any mobile device 10 will able toconsult the availability information of any of the contacts listed incontact database of the mobile device 10 to get an idea as to whether aparticular contact is likely to receive and respond to a peer-to-peermessage, which information may effect the decision as to whether to senda peer-to-peer message at all.

The availability information may consist of a general status indicatorsuch as “available,” indicating, for example, that the mobile device 10is powered on and in range of the wireless network 15 and not activelyutilizing an application that would prevent a peer-to-peer message frombeing received, such as being engaged in a phone call using thetelephone application, or “unavailable,” indicating, for example, thatthe mobile device 10 is powered off or out of range of the wirelessnetwork 15. In addition, the availability information may relate tospecific states of or events occurring on the mobile device 10, such asignoring incoming telephone calls, the user powering the mobile device10 off, the first mobile device 10 being involved in a current telephonecall, the user of the first mobile device 10 being in a meeting asindicated by an entry in the calendar application provided in the mobiledevice 10, or the user of the mobile device 10 is currently using thepeer-to-peer messaging application. As will be appreciated, theavailability information may be tied to and derived from every action ofand/or piece of information available within the mobile device 10, andthat the specific examples listed above are meant to be exemplary onlyand not limiting. In addition, the general status indicators maycomprise a number of levels or degrees of availability based uponinformation relating to the specific states of and/or events occurringon the mobile device 10. In such a case, availability information may bereported on a scale indicating the various levels or degrees ofavailability, such as “Available-Level 1,” “Available-Level 2,” and soon. In addition, if a given user of a mobile device 10 does not wanttheir availability to be tracked this closely, they may selectivelyprevent their mobile device 10 from transmitting availabilityinformation.

FIG. 3 is a view of a portion of a display of a mobile device 10 showingan exemplary status screen 40 forming a part of the peer-to-peermessaging application. Status screen 40 is the main screen of thepeer-to-peer messaging application and provides the user of the mobiledevice 10 with overall status information relating to the peer-to-peermessaging application. In particular, status screen 40 providesinformation relating to various groups, including a currentconversations group 45, a blocked correspondents group 50 and a pendingconversations group 55. The current conversations group 45 lists andprovides information relating to all of the peer-to-peer messagingsessions, also referred to as conversations, in which the mobile device10 is currently engaged. A current conversation means either that themobile device 10 has sent an invitation as described above to anothermobile device 10 and has received an acceptance message as describedabove in return, or that another mobile device 10 has sent the mobiledevice 10 an invitation as described above and the mobile device 10 hasresponded with an acceptance message as described above. The blockedcorrespondents group 50 provides a listing of users of other mobiledevices 10 from whom the user of this mobile device 10 no longer wishesto receive peer-to-peer messages; their messages will be blocked and notdisplayed to the user. Preferably, “unavailable” availabilityinformation is transmitted by the mobile device 10 to each of theblocked correspondents. Alternatively, peer-to-peer messages from usersof other mobile devices 10 from whom the user of this mobile device 10no longer wishes to receive peer-to-peer messages may be blocked and notdisplayed to the user by removing such other users from the contactdatabase; in this case, the peer-to-peer messaging application will beadapted to block messages from any user not listed in the contactdatabase. The pending conversations group 55 provides informationrelating to all of the currently pending conversations of the mobiledevice 10. A pending conversation means either that the mobile device 10has sent an invitation as described above to another mobile device 10and has not yet received a response, or that another mobile device 10has sent the mobile device 10 an invitation as described above and themobile device 10 has not yet responded.

The current conversations group 45, the blocked correspondents group 50and the pending conversations group 55 may be selectively expanded,where additional information is displayed, or collapsed, whereadditional information is not displayed. Each of the currentconversations group 45, the blocked correspondents group 50 and thepending conversations group 55 is shown in FIG. 3 in expanded from. Auser may selectively toggle between the expanded and collapsed states byproviding an input into the mobile device 10 through an input apparatus,such as a plurality of keys and/or a rotating thumbwheel, included aspart of the mobile device 10. In the expanded state, the currentconversations group 45 lists for each current conversation: (1) the userassociated with the other mobile device 10, (2) availability informationrelating to the other mobile device 10, and (3) the date and/or time ofthe most recent message sent or received. Since a peer-to-peer messagingsession can remain open and active for long periods of time, e.g., weeksor months, item (3) provides a quick reference as to which conversationsare most active and current. In the expanded state, the pendingconversations group 55 lists for each pending conversation: (1) the userassociated with the other mobile device 10, and (2) availabilityinformation relating to the other mobile device 10. As seen in FIG. 3,an icon 60 indicative of the availability information is preferablyprovided next to each entry in the current conversations group 45 andthe pending conversations group 55 for ease of reference for the user.

Although the foregoing description refers to the possibilities ofembedding or attaching PINs, keys, or other data elements to messagessent by one of the communication applications, it will be understoodthat the term “embed” or “embedding” as used herein is meant to beinterpreted broadly to include attaching, embedding, or otherwisetransmitting or sending such a data element with a message.

The above-described embodiments of the present application are intendedto be examples only. Alterations, modifications and variations may beeffected to the particular embodiments by those skilled in the artwithout departing from the scope of the application, which is defined bythe claims appended hereto.

1. A method performed by a first communication device comprising:preparing an invitation to engage in peer-to-peer messaging for a secondcommunication device, the invitation comprising an encrypted firstpersonal identification number unique to the first communication device,the first personal identification number being encrypted using a publickey of the second communication device and utilized by a peer-to-peermessaging system to exchange messages using a peer-to-peer messagingapplication; sending the invitation to the second communication deviceusing a communication application different from the peer-to-peermessaging application; receiving from the second communication device,an acceptance message, the acceptance message including an encryptedsecond personal identification number unique to the second communicationdevice, the second personal identification number having been encryptedby the second communication device using a public key of the firstcommunication device; decrypting the encrypted second personalidentification number using a private key corresponding to the publickey of the first communication device; and performing at least one ofsending a first peer-to-peer message to the second communication deviceusing the second personal identification number, and receiving a secondpeer-to-peer message from the second communication device, the secondpeer-to-peer message having been sent using the first personalidentification number.
 2. The method of claim 1, further comprisingsending the public key of the first communication device to the secondcommunication device.
 3. The method of claim 2, wherein the public keyof the first communication device is sent with the invitation.
 4. Themethod of claim 1 wherein the first communication device is a mobilecommunication device.
 5. The method of claim 1 further comprisingreceiving public key of the second communication device from the secondcommunication device.
 6. The method of claim 5, wherein the public keyof the second communication device is sent with the acceptance message.7. The method of claim 1, wherein the communication application is anyone of an email application, a short message service application, amultimedia messaging service application, an enhanced message serviceapplication, an Internet enabled messaging application, and a telephonebased application.
 8. The method of claim 1, wherein the private key andpublic key of the first communication device are generated by the firstcommunication device.
 9. A method performed by a second communicationdevice comprising: receiving an invitation to engage in peer-to-peermessaging from a first communication device, the invitation comprisingan encrypted first personal identification number unique to the firstcommunication device, the first personal identification number havingbeen encrypted using a public key of the second communication device andutilized by a peer-to-peer messaging system to exchange messages using apeer-to-peer messaging application; preparing an acceptance message, theacceptance message including an encrypted second personal identificationnumber unique to the second communication device, the second personalidentification number being encrypted by the second communication deviceusing a public key of the first communication device; sending theacceptance message to the first communication device using acommunication application different from the peer-to-peer messagingapplication; decrypting the encrypted first personal identificationnumber using a private key corresponding to the public key of the secondcommunication device; and performing at least one of receiving a firstpeer-to-peer message from the first communication device, the firstpeer-to-peer message having been sent using the second personalidentification number, and sending a second peer-to-peer message to thefirst communication device using the first personal identificationnumber.
 10. The method of claim 9 further comprising displaying theinvitation along with an accept option and a reject option relating tothe invitation.
 11. The method of claim 9, further comprising receivingthe public key of the first communication device from the firstcommunication device.
 12. The method of claim 11, wherein the public keyof the first communication device is received with the invitation. 13.The method of claim 9 wherein the second communication device is amobile communication device.
 14. The method of claim 9 furthercomprising sending the public key of the second communication device tothe first communication device.
 15. The method of claim 14, wherein thepublic key of the second communication device is sent with theacceptance message.
 16. The method of claim 9, wherein the communicationapplication is any one of an email application, a short message serviceapplication, a multimedia messaging service application, an enhancedmessage service application, an Internet enabled messaging application,and a telephone based application.
 17. The method of claim 9, whereinthe private key and public key of the second communication device aregenerated by the first communication device.
 18. A computer readablemedium comprising computer executable instructions to be performed by afirst communication device, the computer executable instructionscomprising instructions for: preparing an invitation to engage inpeer-to-peer messaging for a second communication device, the invitationcomprising an encrypted first personal identification number unique tothe first communication device, the first personal identification numberbeing encrypted using a public key of the second communication deviceand utilized by a peer-to-peer messaging system to exchange messagesusing a peer-to-peer messaging application; sending the invitation tothe second communication device using a communication applicationdifferent from the peer-to-peer messaging application; receiving fromthe second communication device, an acceptance message, the acceptancemessage including an encrypted second personal identification numberunique to the second communication device, the second personalidentification number having been encrypted by the second communicationdevice using a public key of the first communication device; decryptingthe encrypted second personal identification number using a private keycorresponding to the public key of the first communication device; andperforming at least one of sending a first peer-to-peer message to thesecond communication device using the second personal identificationnumber, and receiving a second peer-to-peer message from the secondcommunication device, the second peer-to-peer message having been sentusing the first personal identification number.
 19. A computer readablemedium comprising computer executable instructions to be performed by asecond communication device, the computer executable instructionscomprising instructions for: receiving an invitation to engage inpeer-to-peer messaging from a first communication device, the invitationcomprising an encrypted first personal identification number unique tothe first communication device, the first personal identification numberhaving been encrypted using a public key of the second communicationdevice and utilized by a peer-to-peer messaging system to exchangemessages using a peer-to-peer messaging application; preparing anacceptance message, the acceptance message including an encrypted secondpersonal identification number unique to the second communicationdevice, the second personal identification number being encrypted by thesecond communication device using a public key of the firstcommunication device; sending the acceptance message to the firstcommunication device using a communication application different fromthe peer-to-peer messaging application; decrypting the encrypted firstpersonal identification number using a private key corresponding to thepublic key of the second communication device; and performing at leastone of receiving a first peer-to-peer message from the firstcommunication device, the first peer-to-peer message having been sentusing the second personal identification number, and sending a secondpeer-to-peer message to the first communication device using the firstpersonal identification number.
 20. A first communication device havinga first personal identification number and configured to communicatewith a second communication device having a second personalidentification number different from the first personal identificationnumber, the first communication device comprising: a processor; amemory; a communication application; and a peer-to-peer messagingapplication different from the communication application that is storedin the memory and executable by the processor to: prepare an invitationto engage in peer-to-peer messaging for a second communication device,the invitation comprising an encrypted first personal identificationnumber unique to the first communication device, the first personalidentification number being encrypted using a public key of the secondcommunication device and utilized by a peer-to-peer messaging system toexchange messages using a peer-to-peer messaging application; send theinvitation to the second communication device using a communicationapplication different from the peer-to-peer messaging application;receive from the second communication device, an acceptance message, theacceptance message including an encrypted second personal identificationnumber unique to the second communication device, the second personalidentification number having been encrypted by the second communicationdevice using a public key of the first communication device; decrypt theencrypted second personal identification number using a private keycorresponding to the public key of the first communication device; andperform at least one of sending a first peer-to-peer message to thesecond communication device using the second personal identificationnumber, and receiving a second peer-to-peer message from the secondcommunication device, the second peer-to-peer message having been sentusing the first personal identification number.
 21. A secondcommunication device having a second personal identification number andconfigured to communicate with a first communication device having afirst personal identification number different from the second personalidentification number, the second communication device comprising: aprocessor; a memory; a communication application; and a peer-to-peermessaging application different from the communication application thatis stored in the memory and executable by the processor to: receive aninvitation to engage in peer-to-peer messaging from a firstcommunication device, the invitation comprising an encrypted firstpersonal identification number unique to the first communication device,the first personal identification number having been encrypted using apublic key of the second communication device and utilized by apeer-to-peer messaging system to exchange messages using a peer-to-peermessaging application; prepare an acceptance message, the acceptancemessage including an encrypted second personal identification numberunique to the second communication device, the second personalidentification number being encrypted by the second communication deviceusing a public key of the first communication device; send theacceptance message to the first communication device using acommunication application different from the peer-to-peer messagingapplication; decrypt the encrypted first personal identification numberusing a private key corresponding to the public key of the secondcommunication device; and perform at least one of receiving a firstpeer-to-peer message from the first communication device, the firstpeer-to-peer message having been sent using the second personalidentification number, and sending a second peer-to-peer message to thefirst communication device using the first personal identificationnumber.